|
269311
|
4.9 |
MEDIUM
Network
|
restafary_project
|
restafary
|
restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it …
|
CWE-22
Path Traversal
|
CVE-2016-10528
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269312
|
8.8 |
HIGH
Network
|
express-restify-mongoose_project
|
express-restify-mongoose
|
express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send…
|
CWE-200
Information Exposure
|
CVE-2016-10533
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269313
|
9.8 |
CRITICAL
Network
|
console-io_project
|
console-io
|
console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the con…
|
CWE-287
Improper Authentication
|
CVE-2016-10532
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269314
|
7.5 |
HIGH
Network
|
riot.js
|
riot-compiler
|
The riot-compiler version version 2.3.21 has an issue in a regex (Catastrophic Backtracking) thats make it unusable under certain conditions.
|
CWE-399
Resource Management Errors
|
CVE-2016-10527
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269315
|
8.6 |
HIGH
Network
|
grunt-gh-pages_project
|
grunt-gh-pages
|
A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion…
|
CWE-255
CWE-532
Credentials Management
Inclusion of Sensitive Information in Log Files
|
CVE-2016-10526
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269316
|
8.2 |
HIGH
Network
|
i18n-node-angular_project
|
i18n-node-angular
|
i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2016-10524
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269317
|
7.5 |
HIGH
Network
|
mqtt-packet_project
|
mqtt-packet
|
MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10523
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269318
|
7.5 |
HIGH
Network
|
jshamcrest_project
|
jshamcrest
|
jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in to the emailAddress validator.
|
CWE-20
Improper Input Validation
|
CVE-2016-10521
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269319
|
7.5 |
HIGH
Network
|
jadedown_project
|
jadedown
|
jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in.
|
CWE-20
Improper Input Validation
|
CVE-2016-10520
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269320
|
7.5 |
HIGH
Network
|
webtorrent
|
bittorrent-dht
|
A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific series of messages to a listening peer and get it to reveal internal memory.
|
CWE-200
Information Exposure
|
CVE-2016-10519
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
